Windows – How do you configure NLA for RDP in Windows Server 2012

Securitywindows server 2012

The Super User question Is windows remote desktop secure? describes Network Level Authentication (NLA) and how to configure it in Windows Server 2008. Unfortunately, the GUI option to configure NLA is gone in Windows Server 2012.

How do you require NLA or limit RDP clients so that only new, higher security client connections can be established?

Best Answer

According to the Windows Server 2012 Group Policy Reference guide:

On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default.

While the option to enable or disable NLA has been removed from the GUI interface, it's still configurable via the Group Policy setting Require user authentication for remote connections by using Network Level Authentication found at Computer\Policies\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security. This setting must be applied to the server running the RDSH role.